4.6
Medium risk

9fb8e43ab6bf596bffb8f9279cbb1e895d21ec79d699c6b6ab93e3e95837baef

220f6f64e0f44e0db58f18a7cf3edc65.exe

Analysis duration

24s

Latest analysis

File size

643.0KB
Static detection  Dynamic detection
鹰眼 (Hawkeye) engine
Not detected  No 鹰眼 engine detection results yet
Static verdict
Antivirus engines
Not detected  No antivirus engine detection results yet
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619269229.749212
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 49217348
registers.edi: 0
registers.eax: 0
registers.ebp: 49217416
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 701
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 62 7f 00 00 e9
exception.symbol: 220f6f64e0f44e0db58f18a7cf3edc65+0x4faed
exception.instruction: div eax
exception.module: 220f6f64e0f44e0db58f18a7cf3edc65.exe
exception.exception_code: 0xc0000094
exception.offset: 326381
exception.address: 0x44faed
success 0 0
1619302266.581125
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75177f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75174de3
220f6f64e0f44e0db58f18a7cf3edc65+0x58a4d @ 0x458a4d
220f6f64e0f44e0db58f18a7cf3edc65+0x51254 @ 0x451254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfdc914ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619269229.593212
NtAllocateVirtualMemory
process_identifier: 2984
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00350000
success 0 0
1619269229.749212
NtProtectVirtualMemory
process_identifier: 2984
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0044f000
success 0 0
1619269229.764212
NtAllocateVirtualMemory
process_identifier: 2984
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e70000
success 0 0
1619302265.706125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619302265.768125
NtAllocateVirtualMemory
process_identifier: 2452
region_size: 1310720
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01ea0000
success 0 0
1619302265.768125
NtAllocateVirtualMemory
process_identifier: 2452
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01fa0000
success 0 0
1619302265.768125
NtAllocateVirtualMemory
process_identifier: 2452
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00620000
success 0 0
1619302265.768125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 299008
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00622000
success 0 0
1619302266.034125
NtAllocateVirtualMemory
process_identifier: 2452
region_size: 1441792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x02150000
success 0 0
1619302266.034125
NtAllocateVirtualMemory
process_identifier: 2452
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02270000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00732000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00732000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00732000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00732000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00732000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00732000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00732000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00732000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00732000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00732000
success 0 0
1619302266.550125
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.496413297709035 section {'size_of_data': '0x00040a00', 'virtual_address': '0x00066000', 'entropy': 7.496413297709035, 'name': '.rsrc', 'virtual_size': '0x0004091c'} description A section with a high entropy has been found
entropy 0.40264797507788164 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 2984 called NtSetContextThread to modify thread in remote process 2452
Time & API Arguments Status Return Repeated
1619269230.421212
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4894112
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2452
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 2984 resumed a thread in remote process 2452
Time & API Arguments Status Return Repeated
1619269230.968212
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2452
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619269230.186212
CreateProcessInternalW
thread_identifier: 2616
thread_handle: 0x00000100
process_identifier: 2452
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\220f6f64e0f44e0db58f18a7cf3edc65.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619269230.186212
NtUnmapViewOfSection
process_identifier: 2452
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619269230.202212
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 2452
commit_size: 704512
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 704512
base_address: 0x00400000
success 0 0
1619269230.421212
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619269230.421212
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4894112
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2452
success 0 0
1619269230.968212
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2452
success 0 0
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x45b13c VirtualFree
0x45b140 VirtualAlloc
0x45b144 LocalFree
0x45b148 LocalAlloc
0x45b14c GetVersion
0x45b150 GetCurrentThreadId
0x45b15c VirtualQuery
0x45b160 WideCharToMultiByte
0x45b164 MultiByteToWideChar
0x45b168 lstrlenA
0x45b16c lstrcpynA
0x45b170 LoadLibraryExA
0x45b174 GetThreadLocale
0x45b178 GetStartupInfoA
0x45b17c GetProcAddress
0x45b180 GetModuleHandleA
0x45b184 GetModuleFileNameA
0x45b188 GetLocaleInfoA
0x45b18c GetCommandLineA
0x45b190 FreeLibrary
0x45b194 FindFirstFileA
0x45b198 FindClose
0x45b19c ExitProcess
0x45b1a0 WriteFile
0x45b1a8 RtlUnwind
0x45b1ac RaiseException
0x45b1b0 GetStdHandle
Library user32.dll:
0x45b1b8 GetKeyboardType
0x45b1bc LoadStringA
0x45b1c0 MessageBoxA
0x45b1c4 CharNextA
Library advapi32.dll:
0x45b1cc RegQueryValueExA
0x45b1d0 RegOpenKeyExA
0x45b1d4 RegCloseKey
Library oleaut32.dll:
0x45b1dc SysFreeString
0x45b1e0 SysReAllocStringLen
0x45b1e4 SysAllocStringLen
Library kernel32.dll:
0x45b1ec TlsSetValue
0x45b1f0 TlsGetValue
0x45b1f4 LocalAlloc
0x45b1f8 GetModuleHandleA
Library advapi32.dll:
0x45b200 RegQueryValueExA
0x45b204 RegOpenKeyExA
0x45b208 RegCloseKey
Library kernel32.dll:
0x45b210 lstrcpyA
0x45b214 WriteFile
0x45b218 WaitForSingleObject
0x45b21c VirtualQuery
0x45b220 VirtualProtect
0x45b224 VirtualAlloc
0x45b228 Sleep
0x45b22c SizeofResource
0x45b230 SetThreadLocale
0x45b234 SetFilePointer
0x45b238 SetEvent
0x45b23c SetErrorMode
0x45b240 SetEndOfFile
0x45b244 ResetEvent
0x45b248 ReadFile
0x45b24c MulDiv
0x45b250 LockResource
0x45b254 LoadResource
0x45b258 LoadLibraryA
0x45b264 GlobalUnlock
0x45b268 GlobalReAlloc
0x45b26c GlobalHandle
0x45b270 GlobalLock
0x45b274 GlobalFree
0x45b278 GlobalFindAtomA
0x45b27c GlobalDeleteAtom
0x45b280 GlobalAlloc
0x45b284 GlobalAddAtomA
0x45b288 GetVersionExA
0x45b28c GetVersion
0x45b290 GetTickCount
0x45b294 GetThreadLocale
0x45b29c GetSystemTime
0x45b2a0 GetSystemInfo
0x45b2a4 GetStringTypeExA
0x45b2a8 GetStdHandle
0x45b2ac GetProcAddress
0x45b2b0 GetModuleHandleA
0x45b2b4 GetModuleFileNameA
0x45b2b8 GetLocaleInfoA
0x45b2bc GetLocalTime
0x45b2c0 GetLastError
0x45b2c4 GetFullPathNameA
0x45b2c8 GetDiskFreeSpaceA
0x45b2cc GetDateFormatA
0x45b2d0 GetCurrentThreadId
0x45b2d4 GetCurrentProcessId
0x45b2d8 GetCPInfo
0x45b2dc GetACP
0x45b2e0 FreeResource
0x45b2e4 InterlockedExchange
0x45b2e8 FreeLibrary
0x45b2ec FormatMessageA
0x45b2f0 FindResourceA
0x45b2f8 ExitThread
0x45b2fc EnumCalendarInfoA
0x45b308 CreateThread
0x45b30c CreateFileA
0x45b310 CreateEventA
0x45b314 CompareStringA
0x45b318 CloseHandle
Library version.dll:
0x45b320 VerQueryValueA
0x45b328 GetFileVersionInfoA
Library gdi32.dll:
0x45b330 UnrealizeObject
0x45b334 StretchBlt
0x45b338 SetWindowOrgEx
0x45b33c SetViewportOrgEx
0x45b340 SetTextColor
0x45b344 SetStretchBltMode
0x45b348 SetROP2
0x45b34c SetPixel
0x45b350 SetDIBColorTable
0x45b354 SetBrushOrgEx
0x45b358 SetBkMode
0x45b35c SetBkColor
0x45b360 SetArcDirection
0x45b364 SelectPalette
0x45b368 SelectObject
0x45b36c SaveDC
0x45b370 RestoreDC
0x45b374 RectVisible
0x45b378 RealizePalette
0x45b37c PatBlt
0x45b380 MoveToEx
0x45b384 MaskBlt
0x45b388 LineTo
0x45b38c IntersectClipRect
0x45b390 GetWindowOrgEx
0x45b394 GetTextMetricsA
0x45b3a0 GetStockObject
0x45b3a4 GetPixel
0x45b3a8 GetPaletteEntries
0x45b3ac GetObjectA
0x45b3b0 GetDeviceCaps
0x45b3b4 GetDIBits
0x45b3b8 GetDIBColorTable
0x45b3bc GetDCOrgEx
0x45b3c4 GetClipBox
0x45b3c8 GetBrushOrgEx
0x45b3cc GetBitmapBits
0x45b3d0 ExcludeClipRect
0x45b3d4 DeleteObject
0x45b3d8 DeleteDC
0x45b3dc CreateSolidBrush
0x45b3e0 CreatePenIndirect
0x45b3e4 CreatePalette
0x45b3ec CreateFontIndirectA
0x45b3f0 CreateDIBitmap
0x45b3f4 CreateDIBSection
0x45b3f8 CreateCompatibleDC
0x45b400 CreateBrushIndirect
0x45b404 CreateBitmap
0x45b408 BitBlt
Library user32.dll:
0x45b410 CreateWindowExA
0x45b414 WindowFromPoint
0x45b418 WinHelpA
0x45b41c WaitMessage
0x45b420 UpdateWindow
0x45b424 UnregisterClassA
0x45b428 UnhookWindowsHookEx
0x45b42c TranslateMessage
0x45b434 TrackPopupMenu
0x45b43c ShowWindow
0x45b440 ShowScrollBar
0x45b444 ShowOwnedPopups
0x45b448 ShowCursor
0x45b44c SetWindowsHookExA
0x45b450 SetWindowPos
0x45b454 SetWindowPlacement
0x45b458 SetWindowLongA
0x45b45c SetTimer
0x45b460 SetScrollRange
0x45b464 SetScrollPos
0x45b468 SetScrollInfo
0x45b46c SetRect
0x45b470 SetPropA
0x45b474 SetParent
0x45b478 SetMenuItemInfoA
0x45b47c SetMenu
0x45b480 SetForegroundWindow
0x45b484 SetFocus
0x45b488 SetCursor
0x45b48c SetClassLongA
0x45b490 SetCapture
0x45b494 SetActiveWindow
0x45b498 SendMessageA
0x45b49c ScrollWindow
0x45b4a0 ScreenToClient
0x45b4a4 RemovePropA
0x45b4a8 RemoveMenu
0x45b4ac ReleaseDC
0x45b4b0 ReleaseCapture
0x45b4bc RegisterClassA
0x45b4c0 RedrawWindow
0x45b4c4 PtInRect
0x45b4c8 PostQuitMessage
0x45b4cc PostMessageA
0x45b4d0 PeekMessageA
0x45b4d4 OffsetRect
0x45b4d8 OemToCharA
0x45b4dc MessageBoxA
0x45b4e0 MapWindowPoints
0x45b4e4 MapVirtualKeyA
0x45b4e8 LoadStringA
0x45b4ec LoadKeyboardLayoutA
0x45b4f0 LoadIconA
0x45b4f4 LoadCursorA
0x45b4f8 LoadBitmapA
0x45b4fc KillTimer
0x45b500 IsZoomed
0x45b504 IsWindowVisible
0x45b508 IsWindowEnabled
0x45b50c IsWindow
0x45b510 IsRectEmpty
0x45b514 IsIconic
0x45b518 IsDialogMessageA
0x45b51c IsChild
0x45b520 InvalidateRect
0x45b524 IntersectRect
0x45b528 InsertMenuItemA
0x45b52c InsertMenuA
0x45b530 InflateRect
0x45b538 GetWindowTextA
0x45b53c GetWindowRect
0x45b540 GetWindowPlacement
0x45b544 GetWindowLongA
0x45b548 GetWindowDC
0x45b54c GetTopWindow
0x45b550 GetSystemMetrics
0x45b554 GetSystemMenu
0x45b558 GetSysColorBrush
0x45b55c GetSysColor
0x45b560 GetSubMenu
0x45b564 GetScrollRange
0x45b568 GetScrollPos
0x45b56c GetScrollInfo
0x45b570 GetPropA
0x45b574 GetParent
0x45b578 GetWindow
0x45b57c GetMenuStringA
0x45b580 GetMenuState
0x45b584 GetMenuItemInfoA
0x45b588 GetMenuItemID
0x45b58c GetMenuItemCount
0x45b590 GetMenu
0x45b594 GetLastActivePopup
0x45b598 GetKeyboardState
0x45b5a0 GetKeyboardLayout
0x45b5a4 GetKeyState
0x45b5a8 GetKeyNameTextA
0x45b5ac GetIconInfo
0x45b5b0 GetForegroundWindow
0x45b5b4 GetFocus
0x45b5b8 GetDlgItem
0x45b5bc GetDesktopWindow
0x45b5c0 GetDCEx
0x45b5c4 GetDC
0x45b5c8 GetCursorPos
0x45b5cc GetCursor
0x45b5d0 GetClientRect
0x45b5d4 GetClassNameA
0x45b5d8 GetClassInfoA
0x45b5dc GetCapture
0x45b5e0 GetActiveWindow
0x45b5e4 FrameRect
0x45b5e8 FindWindowA
0x45b5ec FillRect
0x45b5f0 EqualRect
0x45b5f4 EnumWindows
0x45b5f8 EnumThreadWindows
0x45b5fc EndPaint
0x45b600 EnableWindow
0x45b604 EnableScrollBar
0x45b608 EnableMenuItem
0x45b60c DrawTextA
0x45b610 DrawMenuBar
0x45b614 DrawIconEx
0x45b618 DrawIcon
0x45b61c DrawFrameControl
0x45b620 DrawEdge
0x45b624 DispatchMessageA
0x45b628 DestroyWindow
0x45b62c DestroyMenu
0x45b630 DestroyIcon
0x45b634 DestroyCursor
0x45b638 DeleteMenu
0x45b63c DefWindowProcA
0x45b640 DefMDIChildProcA
0x45b644 DefFrameProcA
0x45b648 CreatePopupMenu
0x45b64c CreateMenu
0x45b650 CreateIcon
0x45b654 ClientToScreen
0x45b658 CheckMenuItem
0x45b65c CallWindowProcA
0x45b660 CallNextHookEx
0x45b664 BeginPaint
0x45b668 CharNextA
0x45b66c CharLowerA
0x45b670 CharToOemA
0x45b674 AdjustWindowRectEx
Library kernel32.dll:
0x45b680 Sleep
Library oleaut32.dll:
0x45b688 SafeArrayPtrOfIndex
0x45b68c SafeArrayGetUBound
0x45b690 SafeArrayGetLBound
0x45b694 SafeArrayCreate
0x45b698 VariantChangeType
0x45b69c VariantCopy
0x45b6a0 VariantClear
0x45b6a4 VariantInit
Library comctl32.dll:
0x45b6b4 ImageList_Write
0x45b6b8 ImageList_Read
0x45b6c8 ImageList_DragMove
0x45b6cc ImageList_DragLeave
0x45b6d0 ImageList_DragEnter
0x45b6d4 ImageList_EndDrag
0x45b6d8 ImageList_BeginDrag
0x45b6dc ImageList_Remove
0x45b6e0 ImageList_DrawEx
0x45b6e4 ImageList_Draw
0x45b6f4 ImageList_Add
0x45b6fc ImageList_Destroy
0x45b700 ImageList_Create
0x45b704 InitCommonControls
Library comdlg32.dll:
0x45b70c GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.